The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting a VMware product.
Technical Details
This vulnerability concerns a VMware product.
Multiple vulnerabilities are addressed in the latest update released by Broadcom.
The most serious vulnerability (CVSS score: 8.5) is CVE-2025-22218.
Specifically, a threat actor who has only View Only Admin access can exploit this CVE to access the credentials of VMware products linked to VMware Aria Operations for Logs.
Affected Products:
VMware Aria Operations for Logs
Recommendations
The Digital Security Authority recommends updating the affected product by applying the patches listed in the 'Fixed Version' column of the 'Response Matrix' found on the Broadcom support website.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-22218
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329
The information presented in this report is based on available data up to the 3rd of February 2025.